(Revised: 7 December 2016)

Transcription

1 Summary of Amendments and Introduction of New Obligations to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries (Revised: 7 December 2016) The following table provides a summary of key amendments made to the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries effective on 7 December General Amendments made throughout the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries 1. Editorial amendments including: (a) streamlining certain terminology to enhance clarity and ensure consistency throughout the Guidelines (AMLA instead of AMLATFA) (b) insertion of cross-reference to other parts of the Guidelines where relevant; and (c) clarifying certain requirements by rephrasing the requirements or giving examples and clarifications in the requirement without any change in policy; and 2. Renumbering and rearrangements of current requirements in the Guidelines. No 1. Paragraph 1.1: The Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries (Guidelines) are issued pursuant to Section 83 and section 66E of the Anti-Money Laundering and Anti- Terrorism Financing Act 2001 (AMLATFA) and section 377 of the Capital Markets and Services Act 2007 (CMSA). Amendment of Paragraph 1.1: The Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries (Guidelines) are issued pursuant to Section 83 and section 66E of the Anti-Money Laundering, and Anti- Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLATFA) (AMLA) and section 377 of the Capital Markets and Services Act 2007 (CMSA). read together section 158(1) of the Securities Commission Act Paragraph 1.1 is amended to enable accurate referencing to the Anti- Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 amended in 2014 and the new definition of securities laws introduced in

2 2. Paragraph 1.4: These Guidelines shall replace the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries issued on 31 March Deletion of Paragraph 1.4: These Guidelines shall replace the Guidelines on Prevention of Money Laundering and Terrorism Financing for Capital Market Intermediaries issued on 31 March Paragraph 1.4 is deleted as this is a revised Guidelines. 3. Paragraph 1.7: Non-compliance with any of the provisions in these Guidelines will subject the reporting institution to actions under the AMLATFA, CMSA or any other relevant provisions under the laws of which these Guidelines are subject to. 4. Paragraph 3.1- Definitions No definition for customer and private retirement scheme Renumbered to Paragraph 1.6 and amendment to Paragraph 1.6: Non-compliance with any of the provisions in these Guidelines will subject the reporting institution to actions under the AMLATFA, Capital Markets and Services Act 2007 (CMSA) or any other relevant provisions under the laws of which these Guidelines are subject to. Insertion of new terms customer and private retirement scheme under Paragraph 3.1- Definitions: customer means new or existing customer Paragraph 3.1 is amended to insert new terms on customer and private retirement scheme as references are made to these terms in the requirements. private retirement scheme has the same meaning as provided under section 139A of the CMSA. 2

3 5. Paragraph 3.1- Definition of third party : third party means a financial institution that is supervised and monitored and that meets the requirements under Paragraph 8.7 of these Guidelines, who is relied upon by the reporting institution to conduct the due diligence process. Amendment to Paragraph 3.1- Definition of third party : third party means a financial institution that is supervised and monitored and meets the requirements under Paragraph 8.7 of these Guidelines, who is relied upon by the reporting institution to conduct the due diligence process. Definition of third party is amended to streamline with international standards issued by the Financial Action Task Force (FATF). Reliance on third party often occurs through introductions made by another member of the same group or by another reporting institution. Reliance on third party often occurs through introductions made by another member of the same group or by another reporting institution. This definition does not include outsourcing or agency relationship because the outsourced service provider or agent is regarded as synonymous with the reporting institution. This definition does not include outsourcing or agency relationship because the outsourced service provider or agent is regarded as synonymous with the reporting institution. 6. Paragraph 6.1 There is a common obligation in the AMLATFA not to facilitate ML/TF. A reporting institution is required to take the necessary steps in order to prevent ML/TF and have a system in place for reporting suspected ML/TF transactions to the FIED. Amendment to Paragraph 6.1 There is a common obligation in the AMLATFA not to facilitate ML/TF. A reporting institution is required to take the necessary steps in order to prevent ML/TF and have a system in place for reporting suspected ML/TF transactions to the FIED. Paragraph 6.1 is amended as the obligation is reflected under the AMLA. 3

4 7. Paragraph 6.2: In combating ML/TF, the board of directors of a reporting institution must ensure the following: Amendment to Paragraph 6.2: In combating ML/TF, the board of directors of a reporting institution must ensure the following: Paragraph 6.2 is amended as the reporting institution is responsible for implementing preventive measures. Notwithstanding, the board of directors will be ultimately responsible for compliance with the requirements as provided under Paragraph Sub-paragraph 6.2 (c): Establishing policies, procedures and training: A reporting institution must issue and adopt policies and procedures which are consistent with the principles set out under the AMLATFA and these Guidelines. A reporting institution must also ensure that its board of directors and employees are well versed and fully understand these policies and procedures. A reporting institution must also provide adequate training to its board of directors and employees to keep abreast on matters under the AMLATFA and these Guidelines. To promote adherence to these principles, the reporting institution must implement specific policies and procedures including for customer identification, retention of financial transaction documents and reporting of suspicious transactions. Amendment to sub-paragraph 6.2 (c): Establishing policies, procedures and training internal controls: A reporting institution must issue and adopt policies and procedures which are consistent with the principles set out under the AMLATFA AMLA and these Guidelines. A reporting institution must also ensure that its board of directors and employees are well versed and fully understand these policies and procedures. A reporting institution must also ensure on-going provide adequate training programmes are to its board of directors and employees to conducted to keep its board of directors and employees abreast on matters under the AMLATFA AMLA and these Guidelines. To promote adherence to these principles, the reporting institution must implement specific policies and procedures including for customer identification, retention of financial transaction documents and reporting of suspicious transactions. Sub-paragraph 6.2 (c) is amended for editorial purposes to provide clarity. 4

5 9. Sub-paragraph 6.2 (e): Customer Due Diligence: A reporting institution must have an effective procedure for verifying its customers and obtaining satisfactory evidence of its customer's identity. Amendment to sub-paragraph 6.2 (e): Customer Due Diligence: A reporting institution must have an effective procedure to identify its customers and for verifying its customers and to obtaining satisfactory evidence to verify of its customer's identity. Sub-paragraph 6.2 (e) is amended to clarify two key obligations for the purpose of Customer Due Diligence, which are the identification and verification of a customer s identity. 10. Paragraph 6.3: The board of directors in establishing the appropriate policies and procedure for the prevention of ML/TF, must consider carefully the specific nature of its business, organisational structure, type of customer and transaction, etc. to satisfy itself that the measures taken by them are adequate and appropriate to follow the spirit of the suggested measures in these Guidelines. Deletion of Paragraph 6.3: The board of directors in establishing the appropriate policies and procedure for the prevention of ML/TF, must consider carefully the specific nature of its business, organisational structure, type of customer and transaction, etc. to satisfy itself that the measures taken by them are adequate and appropriate to follow the spirit of the suggested measures in these Guidelines. Paragraph 6.3 is deleted as the similar requirement is already provided for in Paragraph Paragraph 6.4: The board of directors must also ensure the reporting institution regularly reviews its policies, procedures and controls to ensure its effectiveness and that they are in line with international developments, particularly the FATF Recommendations on combating money laundering and the financing of terrorism and proliferation. Renumbered as Paragraph 6.3 and amendment to Paragraph 6.3: The board of directors must also ensure that the reporting institution regularly reviews its policies, procedures and controls to ensure its that they are effectiveness and in line with international developments, particularly the FATF Recommendations on combating money laundering and the financing of terrorism ML/TF. and proliferation. 5

6 12. Paragraph 7.1.1: In formulating policies and procedures for the prevention of ML/TF, a reporting institution must take appropriate steps to identify and assess its ML/TF risks, in relation to its customers, products, services, transactions and countries. Renumbered as Paragraph 7 and amendment to Paragraph 7: In formulating policies and procedures for the prevention of ML/TF, a reporting institution must take appropriate steps to identify, and assess and mitigate its ML/TF risks, in relation to its customers, products, services, transactions and countries. Appendix A of these Guidelines provides the measures to be adopted in implementing a risk-based approach. Paragraph is amended to introduce Appendix A which provides measures implement risk-based approach. 6

7 13. Paragraph 7.1.5: A reporting institution is required to also implement and maintain appropriate policies and procedures for its representatives and employees to assist them to conduct risk profiling of their customer during the establishment of the business relationship. In determining the risk profile of a particular customer, the reporting institution must take into account, among others the following factors: Renumbered as Paragraph and amendment to Paragraph 7.1.4: A reporting institution is required to also implement and maintain appropriate policies and procedures for its representatives and employees to assist them to conduct risk profiling of their customer during the establishment of the business relationship. In determining the risk profile of a particular customer, the reporting institution must take into account, among others the following factors: a) customer risks (example residents or non-residents, type of customer, occasional or one off, legal person, structure, types of PEP or types of occupation); a) customer risks example e.g. residents or nonresidents, type of customer, occasional or one off, natural or legal person, structure, types of PEP or types of occupation); b) geographical location of business or country of origin of customers; c) products, services, transactions or delivery channel (example cash-based, face-to-face or non face-to-face or cross-border); and d) any other information suggesting that the customer is of higher risks. b) geographical location of business or country of origin of customers; c) products, or services, transactions or delivery channel (example cash-based, face-to-face or non face-to-face or cross-border); and d) transactions or distribution channel e.g. cash-based, face-to-face or non face-to-face or cross-border; and e) any other information suggesting that the customer is of higher risks. 7

8 14. Paragraph 8.1.3: Paragraph 8.1.3: A reporting institution is required to A reporting institution is required to (a) identify the customer (including foreign body corporate) and verify such customer s identity using reliable, independent source of documents, data or information; (a) identify the customer (including foreign body corporate) and verify such customer s identity using reliable, independent source of documents, data or information; (b) verify that any person purporting to act on behalf of the customer is authorised and identify and verify the identity of that person; (b) verify that any person purporting to act on behalf of the customer is authorised and identify and verify the identity of that person; (c) identify and take reasonable measures to verify the identity of the beneficial owner, using relevant information or data obtained from reliable source, as such that the reporting institution is satisfied that it knows who the beneficial owner is; and (c) identify and take reasonable measures to verify the identity of the beneficial owner, using relevant information or data obtained from reliable sources; and as such that the reporting institution is to be satisfied that it knows who the beneficial owner is; and (d) understand and where relevant obtain information on the purpose of opening an account and the intended nature of the business relationship. (d) understand and where relevant obtain information on the purpose of opening an account and the intended nature of the business relationship. 8

9 15. - Insertion of new Paragraph 8.1.5: Delayed verification in relation to private retirement scheme. a) Paragraph herein is only applicable to a reporting institution that provides and manages a private retirement scheme. b) The reporting institution may complete the verification after the establishment of the business relationship to allow some flexibility for its customer and beneficial owner to furnish the relevant documents. c) Before a reporting institution adopts delayed verification, it must ensure that: Paragraph is introduced to facilitate PRS providers to conduct delayed verification on customers, only in relation to private retirement schemes. However, a PRS provider who opts to conduct delayed verification on its customer must ensure that it is able to manage any ML/TF risk arising from delayed verification and ensure that it does not interrupt the PRS provider s normal conduct of business with the customer. The PRS provider must also complete the verification within 7 business days. (i) any ML/TF risk arising from the delayed verification can be effectively managed; and (ii) the delay is essential so as not to interrupt the reporting institution s normal conduct of business with the customer. d) Where a reporting institution adopts delayed verification, verification must be completed no later than seven business days or any time before redemption, whichever is earlier. 9

10 e) If delayed verification cannot be completed in accordance with sub-paragraph (d) above, the business relationship must be terminated and the reporting institution must comply with paragraph Sub-paragraph (b) (I) (iv): to the extent, there is a doubt as to whether the controlling ownership interest is the beneficial owner or where no natural person exerts control through ownership interest, the identity of the natural person (if any) who exercises control of the legal person or arrangement through other means or who holds the position of senior management. Renumbered as sub-paragraph 8.1.6(b)(I)(iv) and amendment to sub-paragraph (b)(i)(iv): to the extent, there is a doubt as to whether the controlling ownership interest is the beneficial owner or where no natural person exerts control through ownership interest, the identity of the natural person (if any) who exercises control of the legal person or arrangement through other means or who holds the position of senior management. Sub-paragraph 8.1.6(b)(I)(iv) is amended to clarify that this Paragraph is only applicable for legal person. 17. Sub-paragraph (b) (ii): not listed in high risks jurisdictions with AML/CFT deficiencies; Renumbered as sub-paragraph (b) (ii): not listed in high risks jurisdictions identified in the FATF Public Statements with AML/CFT deficiencies; Editorial amendments to provide clarity on the FATF s Public Statements on higher risk and noncooperative jurisdictions. 10

11 18. - Insertion of new Paragraph 8.1.8: CDD requirements for establishing non face-to-face business relationship (a) A reporting institution is required to establish appropriate measures for identification and verification of a customer s identity before establishing non face-to-face business relationship. Paragraph is introduced to enable reporting institutions to conduct non-face-to-face verification by leveraging technology. Reporting institutions that opt to establish a non-face-to-face business relationship must at all-times comply with additional verification measures imposed under this Paragraph. (b) A reporting institution must develop and implement policies and procedures to address and mitigate specific ML/TF risks associated with establishing non face-to-face business relationship. (c) For the purpose of verification of the identity of a non face-to-face customer, a reporting institution must undertake any of the following measures: (i) requesting for additional identification documents or information e.g. bank statements, utility bills; (ii) substantiating the customer s information with any independent source, e.g. contacting the customer s employer and verification through database maintained by any relevant authorities; (iii) contacting the customer through any digital communication channel to visually verify the customer s identity; or 11

12 (iv) requesting the customer to make a nominal payment from his own account with a licensed bank under the Financial Services Act 2013, or a licensed Islamic bank under the Islamic Financial Services Act 2013 to enable the reporting institution to satisfy itself of the customer s true identity. (d) Where the reporting institution is unable to verify the customer s identity by adopting the measures provided under paragraph (c) above, the reporting institution must initiate face-to-face business relationship. (e) Sub-paragraphs (a) to (d) above are not applicable to: (i) customers that are identified as foreign PEP; (ii) customers from higher risk and noncooperative jurisdictions as identified by the FATF; or (iii) listed persons or entities subjected to targeted financial sanctions for terrorism financing and financing of proliferation of weapons of mass destruction pursuant to the UNSCR. 12

13 19. Paragraph 8.2.3: For customers that are of higher risk, the reporting institution must monitor the customers accounts on a regular basis for suspicious transactions. One method may be to 'flag' such accounts on the reporting institution s computer. This would assist employees of the reporting institution in carrying out future transactions to take note of the 'flag' and pay extra attention to the transactions conducted by that customer in the account. Amendment to paragraph 8.2.3: For customers that are of higher risk, the A reporting institution must monitor the customers accounts on a regular basis for suspicious transactions. One method may be is to 'flag' such accounts with suspicious transactions for monitoring purpose. on the reporting institution s computer. This would assist employees of the reporting institution in carrying out future transactions to take note of the 'flag' and pay extra attention to the transactions conducted by that customer in the account. Paragraph is to provide clarity that a reporting institution has a continuous obligation to monitor suspicious transactions for all customers. 20. Paragraph 8.2.5: Amendment to Paragraph 8.2.5: While extra care should be exercised in such cases, the reporting institution must weigh all the circumstances of the particular situation and assess whether there is a higher than normal risk of money laundering or financing of terrorism and consider whether to refuse to do any business with such customers. While extra care should be exercised in such cases, the reporting institution must weigh all the circumstances of the particular situation and assess whether there is a higher than normal risk of money laundering or financing of terrorism ML/TF and consider whether to refuse to do any business with such customers. 21. Paragraph 8.3.1: Amendment to Paragraph 8.3.1: A reporting institution must adopt a risk based approach in determining whether to apply a CDD or an enhanced CDD based on the customers background, transaction types or specific circumstances. A reporting institution must adopt a risk based approach in determining whether to apply a standard (as prescribed under paragraph 8.1 above) CDD or an enhanced CDD measures based on the customers background, transaction types or specific circumstances. 13

14 22. Paragraph 8.3.2: The following are circumstances of higher risk that a reporting institution should consider exercising greater scrutiny when approving the opening of an account and when conducting transactions: Amendment to Paragraph 8.3.2: The following are circumstances of higher risk that a reporting institution should consider exercising greater scrutiny when approving the opening of an account and when conducting transactions: Paragraph is amended to complement Appendix A on Risk Based Approach, particularly Relationship Based Risk Assessment. 23. Sub-Paragraph (c): (c) Product, service, transaction or delivery channel risk factors: Anonymous transactions (which may include cash transactions). Non-face-to-face business relationships or transactions. Payment received from multiple persons and/or countries that do not fit into the customer s nature of business and risk profile. Payment received from unknown or unassociated third parties. When conducting CDD for the purpose of opening an account or when conducting ongoing CDD, a reporting institution may take into account the following risk factors and risk parameters when determining circumstances of higher risk: Amendment to sub-paragraph (c): (c) Product, service, Transaction or delivery distribution channel risk factors: Anonymous transactions (which may include cash transactions). Non-face-to-face business relationships or transactions. Payment received from multiple persons and/or countries that do not fit into the customer s nature of business and risk profile. Payment received from unknown or unassociated third parties. Sub-paragraph (c) is amended as the examples provided are for transaction or distribution channel. Notwithstanding the amendments, a reporting institution is still expected to consider products and services in assessing its ML/TF risks. In doing so, a reporting institution is to determine the level of risk for product or services at its own discretion. 14

15 24. Paragraph 8.5.1: The requirements set out in Paragraph 8.5 herein are also applicable to family members or close associates of PEPs. Amendment to Paragraph 8.5.1: The requirements set out in Paragraph 8.5 herein are also applicable to family members or close associates of PEPs. Appendix B of these Guidelines provides measures to be adopted by a reporting institution in dealing with the family members or close associates of PEPs. Paragraph is amended to introduce Appendix B which provides measures to be adopted by a reporting institution in dealing with the family members or close associates of PEPs. 25. Paragraph 8.5.3: Upon determination that a customer or a beneficial owner is a foreign PEP, the requirements of enhanced CDD as set out in Paragraph 8.4 are automatically applicable. Amendment to Paragraph 8.5.3: Upon determination that a customer or a beneficial owner is a foreign PEP, the requirements to conduct of enhanced CDD as set out in Paragraph 8.4 are automatically applicable. is applicable and the reporting institution is also required to conduct ongoing CDD. Paragraph is amended to clarify the obligation that a reporting institution is also required to conduct on-going CDD on a customer or a beneficial owner of a customer identified as a foreign PEP. 26. Paragraph 8.6: High Risk Countries Amendment to Paragraph 8.6: Higher-Risk Countries Paragraph 8.6 is amended to be consistent with the terminology used in the FATF 40 Recommendations. 15

16 27. Paragraph 8.7.1: A reporting institution may rely on a third party to conduct CDD at the point of establishing a business relationship. However, the ultimate responsibility and accountability of such CDD measures shall remain with the reporting institution. Amendment to Paragraph 8.7.1: A reporting institution may rely on a third party to conduct CDD at the point of establishing a business relationship to identify a customer or a beneficial owner. The reporting institution must immediately obtain the necessary information concerning the identification of the customer or the beneficial owner. However, the ultimate responsibility and accountability of such CDD measures shall remain with the reporting institution. Reliance on third parties does not extend to verification of the customer or the beneficial owner s identity. 1) Paragraph is amended to clarify the obligations for third party reliance: a) Reliance on a third party is only permitted on the identification of a customer and does not extend to verification of a customer s identity; and b) Where a reporting institution relies on a third party to conduct identification on customer, the reporting institution must immediately obtain the necessary information from the third party relied. 2) The requirement that the ultimate responsibility shall remain with the reporting institution is relocated in the new Paragraph Insertion of new Paragraph 8.7.6: This requirement was previously under Paragraph Where a reporting institution relies on a third party, the ultimate responsibility for CDD measures remains with the reporting institution. 16

17 29. Paragraph 11.4: If in bringing together all relevant factors, a reporting institution (including its licensed representatives and employees) has reasonable grounds to suspect that the transaction or the funds utilized are the proceeds of a unlawful activity or related to terrorism financing, such transactions should be reported immediately to the FIED via a lodgment of a STR. 30. Paragraph 11.6: The reporting institution must ensure that the compliance officer maintains a complete file on all internal STRs received by him from the reporting institution s employees attached with supporting documentary evidence. Renumbered as Paragraph 11.6 and amendment to Paragraph 11.6: If in bringing together all relevant factors, a reporting institution (including its licensed representatives and employees) has reasonable grounds to suspect that the transaction or the funds utilized are the proceeds of an unlawful activity or is related to terrorism financing, such transactions should be reported immediately to the FIED via through a lodgment of a STR. Renumbered as Paragraph and amendment to Paragraph 11.13: The reporting institution must ensure that the compliance officer maintains a complete file on all internal reports on suspicious transactions and STRs received by him from the reporting institution s employees attached with lodged with the FIED together with the relevant supporting documentary evidence. Paragraph 11.3 is amended to expand the current obligation. A compliance officer is now required to maintain a complete file on all internal reports, as well as the actual STRs lodged with FIED. 31. Paragraph 11.9: It is the obligation of the licensed representative or employee of the reporting institution to alert the reporting institution of a suspicious transaction upon becoming suspicious when dealing with customers. Deletion of Paragraph 11.9: It is the obligation of the licensed representative or employee of the reporting institution to alert the reporting institution of a suspicious transaction upon becoming suspicious when dealing with customers. Paragraph 11.9 is deleted as it should be reflected in a reporting institution s policies and procedures instead. 17

18 32. Paragraph 11.12: The compliance officer in a reporting institution should act as a central reference point within the organisation for all AML/CFT matters, including: Renumbered as Paragraph and amendment to Paragraph 11.16: The compliance officer in a reporting institution should must act as a central reference point within the organisation for all AML/CFT matters, including: Paragraph is amended to: i. impose obligation on a compliance officer to acts as central point for AML/CFT matters; and a) analysing identified suspicious transactions; b) reviewing regularly exception reports of large or irregular transactions generated by the reporting institution s internal system or ad hoc reports made by front-line employees; and a) analysing identified suspicious transactions; b) reviewing regularly exception all internal reports of large or irregular suspicious transactions generated by the reporting institution s internal system or ad hoc reports made by front-line employees; and ii. to widen the scope of review that a compliance officer has to perform with regards to internal reports made by employees. c) lodging of STRs to the FIED. c) lodging of STRs to the FIED. 33. Paragraph 12.1: It shall be an offence to disclose to anyone any information that a suspicion has been formed or that information has been communicated to the FIED and the SC or to infer that these have occurred. Amendment to Paragraph 12.1: It shall be an offence to disclose to anyone any information that a suspicion has been formed or that information or a STR has been communicated to the FIED and the SC or to infer that any of these have occurred. Paragraph 12.1 is amended to clarify that it is also an offence to disclose information that a STR has been communicated to FIED. 18

19 34. Paragraph 12.3: No civil, criminal or disciplinary proceedings shall be brought against a person who: a) discloses or supplies any information in any report made under the AMLATFA; or b) supplies any information in connection with such a report, whether at the time the report is made or afterwards; unless the information is disclosed or supplied in bad faith. Amendment to Paragraph 12.3: No civil, criminal or disciplinary proceedings shall be brought against a person who: a) discloses or supplies any information in any report made under the AMLATFA; or b) supplies any information in connection with such a report, whether at the time the report is made or afterwards; unless the information is disclosed or supplied in bad faith. A reporting institution is required to establish proper policies and procedures to ensure effective controls when considering disclosures of report or related information under section 14A(3) of the AMLA. The current wordings of Paragraph 12.3 as the obligation are already specified in section 24 of AMLA. The new wordings of Paragraph introduce a requirement on a reporting institution to establish policies and procedures when considering permitted disclosure under section14a (3) of AMLA Insertion of new Paragraph 12.4: The Compliance Officer must establish parameters on the types of report or related information that may be disclosed and to whom it may be disclosed under section 14A(3) of the AMLA. All disclosures made pursuant to these parameters must be properly documented with reasonable justification. Paragraph 12.4 is introduced to mandate a reporting institution to establish parameters for the purposes of making permitted disclosure under section 14A (3) of AMLA. 19

20 36. - Insertion of new Paragraph 12.5: The Compliance Officer must ensure that the transmission of the report or related information must be conducted in a controlled environment and that confidentiality of the report or related information is safeguarded, to avoid any leakage to an unauthorised third party. Paragraph 12.5 is introduced to ensure all reports or related information disclosed are protected to avoid any leakage to an unauthorized third party. 37. Sub-paragraph 13.1 (b): Amendment to sub-paragraph 13.1 (b): regular independent audit function to check on the compliance and effectiveness of the reporting institution s AML/CFT framework in relation to the AMLATFA and provisions of these Guidelines. In this regard, such audit findings and any necessary corrective measures to be undertaken must be tabled to the board of directors; regular independent audit function to check on the compliance and effectiveness of the reporting institution s AML/CFT framework in relation to the AMLATFA and provisions of these Guidelines. In this regard, Any such audit findings and any necessary corrective measures to be undertaken must be tabled to the board of directors; 38. Sub-paragraph 13.1 (d): Amendment to sub-paragraph 13.1 (d): structured and on-going training programmes for directors and employees to enhance compliance with the reporting institution s policies and procedures on AML/CFT. structured and ongoing training programmes for directors and employees to enhance compliance with the reporting institution s policies and procedures on AML/CFT. The training programmes must be according to their level of responsibilities 20

21 39. Paragraph 13.2: The training programmes for the directors and employees must be structured according to their level of responsibilities and conducted on a regular basis. This is to ensure that they are kept up-to-date with the latest developments and be reminded of their responsibilities. Deletion of Paragraph 13.2: The training programmes for the directors and employees must be structured according to their level of responsibilities and conducted on a regular basis. This is to ensure that they are kept up-to-date with the latest developments and be reminded of their responsibilities. Paragraph 13.2 is deleted as the requirement is included in the amended Paragraph 13.1 (d). 40. Paragraph 13.4: It is imperative that the compliance officer appointed by a reporting institution has the necessary knowledge, expertise and the required authority to discharge his responsibilities effectively, including knowledge on the relevant laws and regulations and the latest AML/CFT developments. To this end, a reporting institution should encourage its compliance officers to pursue professional qualifications in AML/CFT, so that they are able to carry out their obligations effectively. 41. Sub-paragraph 13.5 (d): timely reporting of the risk assessment and risk mitigation measures to the board of directors; Renumbered as Paragraph 13.3 and amendment to Paragraph 13.3: It is imperative that the The compliance officer appointed by a reporting institution has must have the necessary knowledge, expertise and the required authority to discharge his responsibilities effectively, including knowledge on the relevant laws and regulations and the latest AML/CFT developments. To this end, a A reporting institution should encourage its compliance officers to pursue professional qualifications in AML/CFT, so that they are able to enable him to carry out their his obligations effectively. Renumbered as Paragraph 13.4 (d) and amendment to subparagraph 13.4 (d): timely reporting of the risk assessment and risk mitigation riskbased approach measures to the board of directors; 21

22 42. Sub-paragraph 13.5 (f): internally generated STRs by the branch/subsidiary compliance officers are appropriately evaluated and recorded before submission to the FIED; Renumbered as Paragraph 13.4 (f) and amendment to subparagraph 13.4 (f): internally generated reports on suspicious transactions STRs by the branch/subsidiary compliance officers are appropriately evaluated and recorded before submission to the FIED; 43. Sub-paragraph 13.5 (g): the channel of communication from the respective employees to the branch/subsidiary compliance officer and subsequently to the compliance officer is secured and that information is kept confidential; and Renumbered as Paragraph 13.4 (g) and amendment to subparagraph 13.4 (g): the channel of communication for reporting suspicious transactions from the respective employees to the branch/subsidiary compliance officer and subsequently to the compliance officer is is secured and that information is kept confidential; and 44. Paragraph 13.7: An independent audit to assess the overall effectiveness of the reporting institution s AML/CFT framework referred to in Paragraph 13.1(b) above, may be performed by either an external audit firm or the reporting institution s internal auditor. Deletion of Paragraph 13.7: An independent audit to assess the overall effectiveness of the reporting institution s AML/CFT framework referred to in Paragraph 13.1(b) above, may be performed by either an external audit firm or the reporting institution s internal auditor. Paragraph 13.7 is deleted to be in-line with the requirement under AMLA. 22

23 45. Paragraph 14.1: A reporting institution is required to keep itself updated with the various resolutions passed by the United Nations Security Council (UNSC) on counter terrorism measures, in particular, the UNSC Resolutions 1267 (1999), 1373 (2001), 1988 (2011) and 1989 (2011), which require sanctions against individuals and entities belonging or related to the Taliban and the al- Qaeda organisations. Amendment to Paragraph 14.1: A reporting institution is required to keep itself updated with: a) the various resolutions passed by the United Nations Security Council (UNSC) on counter terrorism measures, in particular, the UNSC Resolutions 1267 (1999), 1373 (2001), 1988 (2011), and 1989 (2011) and 2253 (2015) and other subsequent resolutions which require sanctions against individuals and entities belonging or related associated to al-qaida, thetaliban and the al-qaeda the Islamic State in Iraq (Da esh) organisations. ;and Paragraph 14.1 is amended to clarify the obligation to continuously check the updated UNSC resolutions and orders issued by the Minister of Home Affairs. 46. Paragraph 14.2: Note: The updated and consolidated UNSC List can be obtained at b) orders as may be issued under sections 66B and 66C of the AMLA by the Minister of Home Affairs. Amendment to Paragraph 14.2: Note: The updated UN Consolidated List can be obtained The note under Paragraph 14.2 is amended to reflect the general UNSC website. 47. Paragraph 14.3: A reporting institution must ensure that the information contained in the database is updated and relevant, and made easily accessible to its employees at the head office, branch and subsidiary. Deletion of Paragraph 14.3: A reporting institution must ensure that the information contained in the database is updated and relevant, and made easily accessible to its employees at the head office, branch and subsidiary. Paragraph 14.3 is deleted as it should be reflected in a reporting institution s policies and procedures instead. 23

24 48. Paragraph 14.4: A reporting institution must conduct checks on the names of potential and new customers, as well as regular checks on the names of existing customers, against the names in the database. If there is any name match, the reporting institution must take reasonable and appropriate measures to verify and confirm the identity of its customer. Upon such confirmation, the reporting institution must immediately: a) freeze without delay the customer s fund or block the transaction, if it is an existing customer; b) reject the customer, if the transaction has not commenced; c) lodge a STR with the FIED; and d) inform the SC. Renumbered as Paragraph 14.3 and amendment to Paragraph 14.3: For the purpose of implementing the obligations under section 66B and section 66C of AMLA A, a reporting institution must conduct checks on the names of potential and new customers, as well as regular checks on the names of existing customers, against the names in the database. If there is any name match, the reporting institution must take reasonable and appropriate measures to verify and confirm the identity of its customer. Upon such confirmation, the reporting institution must immediately: a) freeze without delay the customer s fund or block the transaction, if it is an existing customer; b) reject the customer, if the transaction has not commenced; c) lodge a STR with the FIED; and d) notify the SC. 24

25 49. - Insertion of new paragraph 14.6: In addition to relying on the consolidated list, a reporting institution is also required to closely monitor news or developments concerning terrorist activities or terrorism financing. Where names of individuals or entities involved in such terrorist activities or terrorism financing are identified, the reporting institution must check these names against its existing customer database. Where there is a name match, the reporting institution must: (a) (b) lodge a STR with the FIED; and notify the SC. Paragraph 14.4 is amended with the view to strengthen the implementation of targeted financial sanctions relating to terrorism financing. This paragraph now requires a reporting institution to monitor news and development relating to terrorist activities or terrorism financing and where the names of individuals or entities involved in such terrorist activities or terrorism financing are identified, the reporting institution must check these names against its existing customer database Insertion of new Paragraph 14.7: Appendix D provides the detailed obligations of a reporting institution for the implementation of the targeted financial sanctions in relation to terrorism financing. Paragraph 14.7 is amended to introduce Appendix D of the Guidelines on the implementation of the targeted financial sanctions in relation to terrorism financing. 51. Appendix 1- Submission of Suspicious Transaction Report Renumbered as Appendix C- Submission of Suspicious Transaction Report Amendments made pursuant to consequence in the numbering of the appendices Insertion of Appendix A: Guidance on Risk-Based Approach (RBA) for the purpose of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Appendix A is inserted to provide measures in implementing risk-based approach 25

26 53. - Insertion of Appendix B: Guidance on Politically Exposed Person (PEP) Family Members and Close Associates of PEPs Appendix B is inserted to provide measures to be adopted by a reporting institution in dealing with the family members or close associates of PEPs Insertion of Appendix D: Guidance on the Implementation of Targeted Financial Sanction in Relation to Terrorism Financing Appendix D is inserted to provide measures on the implementation of the targeted financial sanctions in relation to terrorism financing 26